def _mini_manifest(addon, version_id, token=None):
    """Serialize the mini-manifest for one version of a packaged app.

    Raises ``http.Http404`` when the app is not packaged or when
    ``version_id`` does not belong to ``addon.versions``.

    ``token`` is used only as a flag. When it is truthy, a new ``Token``
    bound to this app's id is saved and appended to ``package_path``.
    The value the caller passed in is never reused.
    """
    if not addon.is_packaged:
        raise http.Http404

    version = get_object_or_404(addon.versions, pk=version_id)
    file_ = version.all_files[0]
    manifest = addon.get_manifest_json(file_)

    signed_url = absolutify(
        reverse('reviewers.signed', args=[addon.app_slug, version.id]))
    if token:
        # Mint a fresh token rather than echoing the caller's one back.
        # NOTE(review): Token's lifetime is not visible here; the value ends
        # up inside a URL in the manifest body, so confirm it is short-lived.
        fresh = Token(data={'app_id': addon.id})
        fresh.save()
        signed_url = urlparams(signed_url, token=fresh.token)

    data = {
        'name': manifest['name'],
        'version': version.version,
        'size': file_.size,
        'release_notes': version.releasenotes,
        'package_path': signed_url,
    }
    # Optional manifest sections are copied through only when present.
    data.update((section, manifest[section])
                for section in ('developer', 'icons', 'locales')
                if section in manifest)
    return json.dumps(data, cls=JSONEncoder)
def redirect(request, viewer, key):
    """Redirect to the static-host serve URL with a newly issued token.

    The token is saved with ``[viewer.file.id, key]`` as its data, so it is
    tied to this file and key rather than to the requesting session.
    """
    access = Token(data=[viewer.file.id, key])
    access.save()
    # The token travels in the redirect URL, so it is visible wherever that
    # URL is recorded.
    # NOTE(review): confirm Token expiry is short enough for that exposure.
    target = urlparams(
        urljoin(settings.STATIC_URL,
                reverse('mkt.files.serve', args=[viewer, key])),
        token=access.token)
    return http.HttpResponseRedirect(target)
def post(self, request, pk, *args, **kwargs):
    """Issue a token bound to the requested app and return it as JSON.

    Access control is whatever ``self.get_object()`` and the enclosing view
    class enforce; nothing in this method checks permissions itself.
    """
    app = self.get_object()
    issued = Token(data={'app_id': app.id})
    issued.save()
    # Audit line records who minted a token for which app, not the token.
    message = 'Generated token on app:%s for user:%s' % (
        app.id, request.user.id)
    log.info(message)
    return Response({'token': issued.token})
def post(self, request, pk, *args, **kwargs):
    """Create an app-scoped token and hand it back in the response body.

    The requesting user is read from ``request.amo_user`` for the audit log.
    """
    app = self.get_object()
    app_token = Token(data={'app_id': app.id})
    app_token.save()
    # Only the app id and user id are logged; the token value is kept out.
    audit_fields = (app.id, request.amo_user.id)
    log.info('Generated token on app:%s for user:%s' % audit_fields)
    return Response({'token': app_token.token})
def wrapper(request, addon, *args, **kw):
    """Allow the wrapped view via an app-bound token or Apps:Review.

    If the request carries a ``token`` query parameter, the outcome is
    either the view's response or ``PermissionDenied``, never a login
    redirect. Without a token this behaves like a normal Django view:
    anonymous users are redirected to login, and authenticated users need
    the Apps:Review permission.
    """
    token = request.GET.get('token')

    if token and Token.pop(token, data={'app_id': addon.id}):
        # presumably Token.pop consumes the token on success; verify.
        log.info('Token for app:%s was successfully used' % addon.id)
        allowed = True
    elif not token and not request.user.is_authenticated():
        return redirect_for_login(request)
    else:
        # NOTE(review): a request whose token failed Token.pop also reaches
        # this branch. A caller with Apps:Review is then admitted and the
        # log below reads "Token provided ... all was happy", so the audit
        # trail cannot tell a token grant from an ACL grant.
        allowed = bool(acl.action_allowed(request, 'Apps', 'Review'))

    if not allowed:
        if token:
            log.info('Token provided for app:%s but was not valid' % addon.id)
        else:
            log.info('Apps:Review permissions not met for app:%s' % addon.id)
        raise PermissionDenied

    if token:
        log.info('Token provided for app:%s and all was happy' % addon.id)
    else:
        log.info('Apps:Review (no token) all happy for app:%s' % addon.id)
    return f(request, addon, *args, **kw)
def test_token(self):
    """A reviewer's POST returns a token that validates for this app."""
    self.grant_permission(self.user, 'Apps:Review')

    response = self.client.post(self.url)
    eq_(response.status_code, 200, response.content)

    payload = json.loads(response.content)
    assert 'token' in payload
    # The token must carry this app's id as its data.
    assert Token.valid(payload['token'], data={'app_id': self.app.id})
def test_token(self):
    """With Apps:Review granted, the endpoint issues an app-bound token."""
    self.grant_permission(self.user, "Apps:Review")

    resp = self.client.post(self.url)
    eq_(resp.status_code, 200, resp.content)

    body = json.loads(resp.content)
    assert "token" in body
    # Validation is checked against the app id the token was issued for.
    expected_data = {"app_id": self.app.id}
    assert Token.valid(body["token"], data=expected_data)
def wrapper(request, file_id, key, *args, **kw):
    """Require a valid ``token`` query parameter before serving a file.

    The token must validate against ``[viewer.file.id, key]``. A missing or
    invalid token raises ``PermissionDenied`` after an error-level log line.
    """
    # The file lookup runs before the token check, so an unknown file_id
    # gives a 404 even to callers with no token. Responses therefore differ
    # between existing and non-existing file ids.
    viewer = FileViewer(get_object_or_404(File, pk=file_id))
    supplied = request.GET.get('token')

    if not supplied:
        denial = 'Denying access to %s, no token.'
    elif not Token.valid(supplied, [viewer.file.id, key]):
        # NOTE(review): Token.valid (unlike Token.pop) looks non-consuming,
        # so the token may stay usable until it expires. Confirm.
        denial = 'Denying access to %s, token invalid.'
    else:
        return func(request, viewer, key, *args, **kw)

    log.error(denial % viewer.file.id)
    raise PermissionDenied
def redirect(request, viewer, key):
    """Redirect to the file-serve URL with a newly saved token attached.

    The token's data is ``[viewer.file.id, key]``, which scopes it to this
    file and key.
    """
    grant = Token(data=[viewer.file.id, key])
    grant.save()
    # The token is placed in the redirect URL itself.
    # NOTE(review): confirm it expires quickly, since URLs get logged.
    destination = urlparams(reverse('files.serve', args=[viewer, key]),
                            token=grant.token)
    return http.HttpResponseRedirect(destination)